Information Security Manager

ZEISS in India

ZEISS in India is headquartered in Bengaluru and present in the fields of Industrial Quality Solutions, Research Microscopy Solutions, Medical Technology, Vision Care and Sports & Cine Optics.

ZEISS India has 3 production facilities, R&D center, Global IT services and about 40 Sales & Service offices in almost all Tier I and Tier II cities in India. With 2200+ employees and continued investments over 25 years in India, ZEISS’ success story in India is continuing at a rapid pace. 

Further information at ZEISS India.

• Support the Business Information Security organization with the coordination of activities and projects by applying well-established project management standards. Proactively provide proposals for the continuous improvement of project-related activities.
• Maintain and develop the reporting of activities and KPIs for the BIS organization.
• Own, define and document the Asset Management process, in alignment with corporate governance.
• Ensure that the existing asset inventories (enterprise and web applications, digital products, IT supporting assets, production equipment) are maintained and complete by performing regular audits, reporting findings and tracking mitigation measures.
• Contribute to the risk management process by conducting risk identification workshops with the subject matter experts, guide risk evaluation and track the implementation of mitigation measures.
• Provide guidance to the business areas regarding asset and information classification based on their sensitivity, criticality, and value to the organization.
• Evaluate the findings of automated vulnerability scanning tools (e.g., ImmuniWeb), prioritize findings in terms of criticality, and ensure that the findings are mitigated by the respective asset owners.
• Support the BIS organization with the review of security-related documentation created by the business areas, e.g., check information classification, completeness of information and adequacy of proposed controls.

Education / Professional Certification

University degree in computer science and business systems, cybersecurity, information systems or related education; with an excellent academic record.

Holding a valid certification by a well-recognized information security organization is of advantage, e.g., ISC2 SSCP, ISACA CSX-P. Additionally, a training or certification in project management is of advantage, e.g., IPMA Level D or equivalent.

Experience

At least 5 years’ work experience as an information security expert or risk management expert in the industry, e.g., vulnerability management.

Previous experience in a regulated industry is of advantage, e.g., medical, finance, insurance.

Experience working in an international, multicultural and multidisciplinary environment.

Knowledge / Skills / Other characteristics

Understanding of cybersecurity principles and practices. Familiar with the applicable international cybersecurity regulations and standards, e.g., ISO 27k family.

Familiarity with low-code programming or scripting languages (e.g., Python) and experience with Microsoft Power Platform is of advantage.

Experience with agile project management tools, e.g., Microsoft Azure DevOps or Atlassian Jira.

Excellent Business English skills for professional communication and documentation. Proficiency in further widely used business languages is of advantage.

Strong analytical and problem-solving skills.

Effective communication skills for collaborating with international, multidisciplinary teams and explaining technical concepts to non-technical stakeholders.

Willingness to continuously learn and stay updated with the latest security trends and technologies in the rapidly evolving field of cybersecurity.

Your ZEISS Recruiting Team:

Itishree Pani